Ransomware Readiness Assessment

If you are not ready for Ransomware, we will show you how to prepare!

Spend a day with us discovering ways to protect against ransomware and receive a detailed plan on how to fix everything we discovered.

What makes our Ransomware Readiness Assessment Service different?

Hear about our Ransomware Readiness Assessment from your auditor, Alex:

You may be ready, but are you prepared?

Ready means willing. Prepared means capable.

These are two very different states. We will prepare your organization for a ransomware attack, so you can be ready for it when it hits.

The Ransomware Readiness Assessment covers these topics:

Experience what it's like to be stress-free

Let us take care of cybersecurity for you!

Our mission: Provide SMBs with clear visibility of their exposure to cyber attacks

A Ransomware Readiness Assessment checks how resilient your IT infrastructure is to an attack or human error. Its scope depends on the size of your organization.

We audit the controls in place (or their absence). These controls might be administrative, or in other words, the practices employed by your administrators. They could also be technical or even physical.

Our Ransomware Readiness Assessment Process

Planning for the audit execution

Before conducting a Ransomware Readiness Assessment, we always have a series of meetings with your organization’s executives and IT administrative personnel. 

These meetings help establish the reasons behind the assessment and its strategic security objectives. Is regulatory compliance driving your desire to audit your IT systems? Were you a victim of a security breach? Or do you want to have full visibility into how prepared you are for a hacking attack?

Here is our RRA Preparation Process:

  • A strategic meeting with management
  • Meeting with the IT team
  • Review of the client’s business: departments, management team, critically important production facilities, IT infrastructure.
  • Policy and procedure review. 
  • Documentation review.
  • Scheduling meetings with all employees participating in the IT security audit.
  • Final scope agreement.

Preparing for a Ransomware Readiness Assessment

Give me six hours to chop down a tree and I will spend the first four sharpening my ax.
― Abraham Lincoln

Besides the mandatory pre-audit meetings with management, the client usually has to undergo internal preparation for the IT Security assessment service.

On the client’s side, the following items need to be taken care of:

  • a dedicated meeting room
  • a secure internet connection which is disconnected from the main corporate network
  • scheduling each meeting between the security auditor and the respective team member

There might also be technical details to settle, such as what the auditor is allowed to access and what information they can ask for as proof, as well as how this information will be stored and analyzed safely.

Communication during the RRA and After

Communication is key in every business process.

Active Directory security audits are no exception, and we need to add a few extra requirements and dependencies.

Do you suspect a security breach happened prior to initiating the assessment? Can the attackers listen in on any internal email communication? In that case, most audit-related communications need to happen outside your corporate network. In other words, they have to happen over the phone or via secure instant messaging, avoiding your corporate email service.

There are several stages during which communication is key:

  • prior to starting the assessment, to clarify all expectations on both sides and set the tone;
  • during the Active Directory security assessment, to ensure all questions asked are understood and all evidence given is clear and not fabricated or modified in any way;
  • after the audit, when the report is received and discussed. Use this stage as another option to obtain ideas and advice on implementing the suggested improvements.

The report you receive sometimes has the tendency to heat up political discussions and start the process of blaming each other for the faults discovered. This is not productive.

What we encourage our customers to do is see the report as an excellent opportunity to get better at everything you do and beat your competition at it. Rest assured, if we went to your competitors, we might find similar or even worse findings. So be happy you were the first to discover your faults and get ready to be the first to fix them!

Understanding the Step-by-step Ransomware Readiness Security Improvement Plan

Your Ransomware Readiness Report will contain an executive section for senior management and a technical section for IT and security personnel.

The Executive Section of the report usually focuses on the business impact of the findings and on prioritization advice. This way management can request specific actions to be expedited and will know about their own responsibility to fund these efforts. Sometimes this also means hiring extra pairs of hands.

The technical section of the report will also be split into High Criticality, Medium Criticality, and Low Criticality findings.

Each finding will be paired with its respective advice on fixing it. Focus on the fix rather than on finding who to blame for the finding; it is the only productive way to read and act upon your IT security audit report.

This Ransomware Readiness Assessment (RRA) will help you understand your cybersecurity posture with respect to the ever-evolving threat of ransomware. The RRA also provides a clear path for improvement and contains an evolving progression of questions tiered by the categories of basic, intermediate, and advanced. This is intended to help an organization improve by focusing on the basics first, and then progressing by implementing practices through the intermediate and advanced categories. 

The Ransomware Readiness Assessment process takes one business day. 

Preparing your Step-by-step Ransomware Prevention Plan takes another two business days. 

In total, the whole process takes 3 business days. 

We welcome you to record the RRA security audit sessions on your own — we discuss so many topics and our team provides such valuable input, that it would be a huge loss if you couldn’t watch the sessions later and extract valuable insight from them. 
If you ask us, we will also record the sessions for you and provide you with the recordings. We will delete the recordings after the IT Security Audit is complete.

Customize your Ransomware Readiness Assessment